System instability, please check my log

Logfile of HijackThis v1.99.1

Scan saved at 22:45:44, on 16/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\rob\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.homelearningcollege.com/Home … llege.aspx

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe

O4 - HKLM…\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM…\Run: [rtasks] C:\Program Files\MenaceRescue\rtasks.exe

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Also, ComboFix immediately detected some virus during the scan. I have NOD32.

"rob" - 2007-07-17 18:18:30 - ComboFix 07-07-14.6 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\video activex access

C:\Program Files\VirusProtectPro 3.3

C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe

C:\UGA6P

C:\WINDOWS\system32\myqlejy.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPF

((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))

2007-07-17 18:18 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 21:18

2007-07-14 20:10

2007-07-12 18:49 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-07-12 18:48

2007-07-12 18:48

2007-07-09 20:26

2007-07-08 12:58

2007-07-08 12:57 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat

2007-07-08 12:57

2007-07-08 12:07

2007-07-08 11:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2007-07-08 11:51 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-07-08 11:51 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-07-08 11:51 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2007-07-08 11:51

2007-07-08 11:10

2007-07-04 17:26

2007-07-02 22:54

2007-07-02 22:53

2007-07-01 20:34

2007-07-01 20:30

2007-07-01 01:34

2007-07-01 01:30 786,432 --ah----- C:\DOCUME~1\ROB~1.HOM\NTUSER.DAT

2007-07-01 01:24 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-01 00:01

2007-06-30 23:23

2007-06-30 23:21

2007-06-30 18:24 2,097,152 --a------ C:\DOCUME~1\rob\ntuser.dat

2007-06-30 11:15

2007-06-28 22:17

2007-06-28 22:16

2007-06-28 22:16

2007-06-28 19:25

2007-06-28 19:15

2007-06-28 19:15

2007-06-28 19:15

2007-06-28 19:15

2007-06-28 18:46 1,277 --a------ C:\WINDOWS\mozver.dat

2007-06-28 18:27

2007-06-28 18:16

2007-06-28 18:13

2007-06-28 17:36 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-06-28 17:36 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-06-28 17:36 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-06-28 17:36 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-06-28 17:36 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-06-28 17:36 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2007-06-28 17:35 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-28 17:35 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-06-28 00:09 884,736 --a------ C:\WINDOWS\system32\msimsg.dll

2007-06-28 00:09 78,848 --a------ C:\WINDOWS\system32\msiexec.exe

2007-06-28 00:09 271,360 --a------ C:\WINDOWS\system32\msihnd.dll

2007-06-28 00:09 2,854,400 --a------ C:\WINDOWS\system32\msi.dll

2007-06-28 00:09 15,360 --a------ C:\WINDOWS\system32\msisip.dll

2007-06-28 00:09

2007-06-28 00:09

2007-06-28 00:04

2007-06-28 00:01 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-06-28 00:01 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-06-28 00:01 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-06-28 00:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2007-06-28 00:00 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys

2007-06-28 00:00 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2007-06-28 00:00 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2007-06-28 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2007-06-28 00:00 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2007-06-28 00:00 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2007-06-28 00:00 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys

2007-06-28 00:00 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-06-28 00:00 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2007-06-28 00:00 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2007-06-28 00:00 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2007-06-27 23:59 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-06-27 23:59 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2007-06-27 23:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2007-06-27 23:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-06-27 23:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2007-06-27 23:59 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys

2007-06-27 23:59 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2007-06-27 23:58 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2007-06-27 23:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

2007-06-27 23:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll

2007-06-27 23:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll

2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll

2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2004-07-22 09:51:34 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB

2004-07-19 21:58:36 1,156,363 -c--a-w C:\Program Files\BDANT.cab

2004-07-19 21:53:26 976,020 -c--a-w C:\Program Files\BDAXP.cab

2004-07-16 13:30:22 3,858 -c--a-w C:\Program Files\directx redist.txt

2004-07-09 13:17:16 13,265,040 -c--a-w C:\Program Files\dxnt.cab

2004-07-09 08:13:48 15,493,481 -c--a-w C:\Program Files\DirectX.cab

2004-07-09 08:13:46 703,080 -c--a-w C:\Program Files\BDA.cab

2004-07-09 03:08:36 472,576 -c--a-w C:\Program Files\dxsetup.exe

2004-07-09 03:08:34 2,242,560 -c--a-w C:\Program Files\dsetup32.dll

2004-07-09 02:03:10 62,976 -c--a-w C:\Program Files\DSETUP.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-04 00:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 C:\WINDOWS\RTHDCPL.EXE]

"Alcmtr"="ALCMTR.EXE" [2005-05-03 17:43 C:\WINDOWS\ALCMTR.EXE]

"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 C:\WINDOWS\system32\nvmctray.dll]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 00:00]

"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 18:43]

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-17 18:20:40

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-17 18:21:17 - machine was rebooted

C:\ComboFix-quarantined-files.txt … 2007-07-17 18:21

— E O F —

Please follow this Topic and edit your own post using the edit function, changing it to a specific one and describing the problem.

Otherwise the topic will end up in the Trash.

Post a log from ComboFix